Organizations constantly struggle with vulnerabilities affecting operating systems, applications, and third-party software. These weaknesses expand the attack surface and can be exploited by attackers to compromise the confidentiality, integrity, or availability of systems. Wazuh offers vulnerability detection capability that identifies vulnerabilities in systems and software. However, security analysts must also determine a vulnerability’s exploitability, potential […]

GreenBlood ransomware is a Go-based ransomware family that has recently emerged in the threat landscape, targeting Windows environments while employing a double-extortion model. The malware is engineered for high-speed execution and parallel file encryption, leveraging the performance and portability benefits of a compiled, statically linked language. This design allows GreenBlood to rapidly impact infected systems […]

DNS tunneling allows attackers to hide malicious data and commands within legitimate Domain Name System (DNS) traffic, bypassing firewalls and security controls. Attackers exploit the fact that DNS traffic is often permitted on networks without deep inspection to encode sensitive data and commands into DNS queries and responses. This creates a covert communication channel between […]

Salat stealer is a rapidly emerging Go-based information stealer offered under a Malware-as-a-Service (MaaS) model, enabling widespread access to the malware for threat actors. The malware leverages dedicated command and control (C2) infrastructure to manage infected endpoints and exfiltrate stolen data at scale. It primarily targets Windows endpoints to collect browser credentials, Telegram sessions, and […]

It is essential to log and audit Kubernetes cluster events. Check our new blog post to learn how to audit Kubernetes events with Wazuh.

Endpoint hardening is a continuous process for securing modern IT environments against vulnerabilities and misconfigurations. It reduces the attack surface of endpoints and strengthens defenses against cyber threats by enforcing standardized security configurations. Organizations typically rely on established guidelines such as the Center for Internet Security (CIS) Benchmarks and frameworks like NIST, which provide best […]

Access control protects the confidentiality, integrity, and availability of systems and data. It is important because attackers frequently exploit legitimate accounts, excessive permissions, and weak policy enforcement to blend into normal operations. While access control systems are designed to prevent unauthorized actions, the decisions they generate, such as denied requests, privilege escalations, or anomalous authorization […]

Incident management involves detecting, responding to, and resolving unplanned events efficiently across systems and teams. It is important for organizations aiming to reduce downtime, mitigate risks, and maintain operational resilience. Incident management platforms like Rootly are designed to streamline and automate response workflows for engineering, operations, and security teams. Integrating Rootly with Wazuh connects Wazuh […]

Rhadamanthys Stealer is a credential-harvesting malware sold as Malware-as-a-Service (MaaS). It is known for its modular architecture, data-stealing capabilities, and continuous updates driven by criminal marketplaces. Attackers distribute Rhadamanthys stealer via phishing emails, cracked software, malicious ads, and fake installers. The stealer primarily targets Windows endpoints to extract browser passwords, crypto wallets, system metadata, autofill […]

Open source software makes its source code publicly available, allowing anyone to inspect, audit, and improve it. This transparency creates verifiable trust, where security claims can be independently validated by a global community instead of taken on faith. Open source licenses give users full control to understand, customize, and extend the software to meet their […]

Cephalus ransomware surfaced in mid-August 2025 and quickly attracted attention for its stealth and operational precision. The threat actors demonstrate a clear financial motivation and rely on initial access vectors. They exploit weak or exposed Remote Desktop Protocol (RDP) configurations, particularly targeting accounts lacking Multi-Factor Authentication (MFA) protection, to gain unauthorized access. Cephalus ransomware targets […]

A critical severity Remote Code Execution (RCE) vulnerability disclosed as CVE-2025-55182, has been identified affecting the React Server Components (RSC) protocol. This vulnerability is rated CVSS 10.0 and allows unauthenticated attackers to execute arbitrary code on the server via insecure deserialization of malicious HTTP requests. The flaws also affect frameworks and bundlers that use the […]